08-09-2021 11:52 AM
I am new to Duo and don’t have it installed yet as I have some questions about whether it would be right for our environment.
We have 7 computers in our LAN which is behind a physical firewall. Users use the Remote Desktop application to get their desktops remotely. At the office, it is not uncommon for someone to log into another person’s desktop as that person.
Can Duo be set up so that 2FA be set up only when coming in through the Remote Desktop application but not require 2FA when they are locally at their computers?
When using 2FA, is there an app that runs on the phone? Will this app run on any phone or are their certain IOS or Android versions required. I could not find that in the requirements section of the basic documentation I looked at.
Maybe I am misunderstanding completely how Duo works. If that is the case, I would appreciate a link that would help me correct my understanding.
Thanks in advance.
Solved! Go to Solution.
08-10-2021 12:34 PM
Hi @nekton181, welcome to the Duo Community! Thanks for sharing your question here with us. I’ll be happy to answer you and provide as much guidance as I can
Yes, to do this you will just need to select the “Only prompt for Duo authentication when logging in via RDP” option in the installer. You can read more on this in the Important Notes section of our documentation.
Yes, Duo Mobile is our mobile authenticator app you can use to approve Duo Push notifications for certain protected applications (including Windows Logon for RDP) and generate passcodes. You can see which versions of Android and iOS are currently supported in the following articles:
ETA: I hope that helps! Please let me know if you have any other questions I can assist with.
08-10-2021 12:34 PM
Hi @nekton181, welcome to the Duo Community! Thanks for sharing your question here with us. I’ll be happy to answer you and provide as much guidance as I can
Yes, to do this you will just need to select the “Only prompt for Duo authentication when logging in via RDP” option in the installer. You can read more on this in the Important Notes section of our documentation.
Yes, Duo Mobile is our mobile authenticator app you can use to approve Duo Push notifications for certain protected applications (including Windows Logon for RDP) and generate passcodes. You can see which versions of Android and iOS are currently supported in the following articles:
ETA: I hope that helps! Please let me know if you have any other questions I can assist with.
08-13-2021 09:30 AM
Hi Amy,
These links were extremely helpful. Thanks!
One thing I am still want to make sure I have got straight is that older phones can still be used even if they cannot run the app by choosing SMS text messaging to get an authentication code. It seems like the documentation says that is the case, but I want to be 100% sure.
Thanks so much!
08-16-2021 05:33 AM
Glad you found them helpful! Yes, older phones are still able to authenticate via SMS text messages even if they cannot install the Duo Mobile app.
08-16-2021 10:01 AM
Thanks Amy!
I don’t know if I should start a new thread or not, but I am also wondering if multiple phones can be assigned to a device. I want the employee to be authenticated with Duo, but I as an IT person will also need to access the device remotely. Is there a link to how this is accomplished? It must be a fairly common scenario.
08-16-2021 12:53 PM
@nekton181 Phones in Duo get assigned to a person, not to a computer. So the phone attached to your Duo user can be used for 2FA for any of your Duo-protected applications.
Getting Started - a very basic overview of how to begin a Duo rollout, and these specifically are the steps you could take to roll Duo out to these LAN computers:
Hope that helps!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: